
Hijack This Log

When I scan with Spyware Doctor 4.0, it says I have a trojan called Win anti spyware (I don't remember the exact name). Spyware Doctor can't fix it. I downloaded this trojan a long time ago because I thought it was a program for antispyware. I use SUPER Antispyware and various others like AShampoo, but can't seem to get rid of this trojan. Please help. Thanks.

You will need to fill in the "Country, region, email address" information before you can download and install the ActiveX components necessary to run the scan.

Decide whether you want to click the radio button underneath this part that says -
"I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." - it's your choice!

When you are asked to "Select a device to scan...", click on "My Computer".

When the scan has finished, click See Report > Save Report which by default will save the scan results as Activescan.txt in My Documents.

Copy and paste the result of the above scan into your next reply along with a fresh HJT log AND a description of how your PC is running.
Also, run HJT and click on Open the Misc Tools section.

Click Open Uninstall Manager...

Click Save list... and save it to your Desktop.

Copy and paste the file uninstall_list.txt into your next reply.

Finally, let me have a list of the files etc... that Spyware Doctor 4.0 detects.

Description: WinAntiVirus is a rogue anti-virus program from WinSoftware which has been known to be downloaded by some trojans. It claims to remove virus infections but instead shows detections of legitimate keys and files to urge users to buy its application. Removal of this software is advisable if it is not installed for a purpose.

Advice: Toss

My laptop seems to be slow at times when running some applications. It also freezes up once in a while. Other than that I am able to use it for the internet and general/basic use for school and to check my email.

Your first log shows the HJT location as :
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
Your second as:
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe
As I said in my first reply - "You are running HJT from an unsafe location." You either need to unzip HJT or download the installation file that I provided links to and install it.
I don't mind which you do, but HJT needs to be unzipped in order that back-ups can be created of anything that is removed using it.
Let me have a fresh HJT log once you have either unzipped your copy or installed a fresh one.
Does Spyware Doctor give you any details about what it is detecting - files, folders, registry keys?
As to the date, does the clock in your System Tray show the correct date and time?
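The location check described in the post above (HijackThis launched from inside a zip's temporary extraction folder) can be scripted when triaging submitted logs. This is an added example, not part of the original thread; the function names and the third sample path are assumptions constructed for illustration.

```python
import re

# Folder name Windows uses when an .exe is launched straight from inside a
# zip archive, as seen in both paths quoted in the post above.
ZIP_TEMP_DIR = re.compile(r"^temporary directory \d+ for .+\.zip$", re.IGNORECASE)


def _is_named(component, long_name):
    """True if component equals long_name or looks like its 8.3 short alias."""
    comp, target = component.lower(), long_name.lower()
    if comp == target:
        return True
    alias = re.fullmatch(r"(.{1,6})~\d+", comp)
    # 8.3 aliases drop spaces and keep up to the first six characters.
    return bool(alias) and target.replace(" ", "").startswith(alias.group(1))


def classify_hjt_location(path):
    """Return 'zip-temp', 'temp' or 'ok' for the reported executable path."""
    parts = [p for p in re.split(r"[\\/]+", path.strip()) if p]
    dirs = parts[:-1]  # last component is the executable itself
    if any(ZIP_TEMP_DIR.match(d) for d in dirs):
        return "zip-temp"  # run from inside an archive: no back-ups possible
    for parent, child in zip(dirs, dirs[1:]):
        if _is_named(parent, "Local Settings") and child.lower() == "temp":
            return "temp"
    return "ok"


# The first two paths are the ones quoted in the thread; the third is constructed.
SAMPLES = [
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe",
    r"C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe",
    r"C:\HJT\HijackThis.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_hjt_location(sample), "<-", sample)
```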

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.

Updating AVG Anti-Spyware:

By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:

Click the Update icon at the top and under "Manual Update" - click the Start update button.

Either AVG A-S will update or inform you that no update was available.

If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.

Disabling the Resident Shield:

By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
(When the PC has been cleaned you can activate the shield again, if you wish.)

Click the Shield icon at the top and under "Resident shield is..." - click active.

This should now change to inactive.

Changing Recommended Actions

Click the Scanner icon at the top and then click the Settings Tab.

Under "How to act?" click Recommended actions and select "Quarantine" from the menu.

You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

2) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer.

3) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Boot into Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.

5) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.

If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.

Click "Complete System Scan"

While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!

When the scan has completed, any threats that AVG A-S has detected will be displayed.

Click the Apply all actions button at the bottom.

When AVG A-S has finished, it will display the message "All actions have been applied".

Saving a report:

Click the Save Report button at the bottom left and the "Reports" window will open.

The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.

You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.

Close AVG A-S.

6) Boot into Normal Mode.

Post a new HJT log (run in Normal Mode), the AVG A-S log AND a description of how your PC is running.

It seems likely that the Winfixer traces are just leftovers and I wouldn't worry about them. They will probably need manually removing, so unless you feel happy going into the registry, they can be left alone.
If you do want them gone, let me know and I'll walk you through the necessary steps - it isn't difficult, but you do need to be very careful as one wrong move can cause your PC to fail to boot. This is a worst-case scenario, but you do need to be aware of it.

Other than that, you're about done.

If you don't intend to use the AVG A-S Resident Guard, do the following:

Go to Start > Run, enter services.msc and hit OK.

Locate and right click AVG Anti-Spyware Guard

Select Properties from the menu.

Under the General Tab, change the Service status: to Stopped and then the Startup type: to Disabled.

You don't need to have this service running if you aren't using the guard.
Once the trial period has expired, you will need to do this unless you upgrade as well.

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.


About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.